1. Field of the Invention
The present invention is related to methods for anti-virus (AV) protection and, in particular, to a method and system for dynamic configuration of security modules in a local network for optimization of security tasks.
2. Description of the Related Art
Security of data located on user PCs, mobile devices or within enterprise systems is a problem that only becomes more complex every day. A large number of new malware applications appear practically every day. Each of these malware applications can cause computer failures or result in a loss or theft of critical personal user data. Many of the known malware applications are frequently modified, so they become harder to detect.
Modern computer threats include not only the typical computer viruses but more sophisticated malware applications, such as, for example, Trojans, worms, rootkits, exploits, etc. For example, the rootkits hide their presence in the operating system, which makes them difficult to detect. The exploits use application vulnerabilities for attacks and for gaining unauthorized access to the system resources.
Modern AV solutions, such as Symantec Endpoint Protection, McAfee Total Protection and Trend Micro Worry-Free Business Security, successfully deal with the majority of existing threats. However, some security issues still exist. One of the problems is that enterprise networks contain a large number of computers with various sets of hardware components. In some networks, older machines exist that do not provide sufficient resources for modern applications, such as modern OSs (for example, Microsoft Windows 7) and the newest versions of the AV applications.
Furthermore, modern AV applications and/or security systems contain a large number of modules that deal with various tasks. FIG. 1 depicts a typical set of security modules. Some of these modules are necessary for the functionality of user applications (for example, an update module and a file anti-virus).
Other modules may be required depending on user needs. For example, email and Internet require additional modules, such as: mail anti-virus (AV) 115, web AV 120, IM AV 125 (for checking data exchanged using Instant Messenger), firewall 135, file AV 110, etc. Some other modules can be used as additional security means, such as: anti-spam module 140, a backup module 160, a personal data manager 175, a virtual keyboard 190, data encryption module 170, control center 165, anti-phishing module 145, etc.
Modules such as an anti-banner module 150 and parental control 185 are used by web browsers for Internet surfing. Some modules require a lot of system resources and time for checking the system. However, some of these modules can be effective even against unknown malware objects and new types of attacks.
For example, Host Intrusion Prevention System (HIPS) module 130 limits access to computer resources for unknown applications; a Proactive Defense Module 199 can detect infection in its active phase; an emulator 195 and a Virtual Machine 155 are used for safe execution of unknown executable files. All these modules use system resources (i.e., processor time and memory) at different levels.
AV application vendors duplicate security-related functionality at different network nodes. For example, an effective anti-spam solution used at a network gateway can eliminate the need for this solution on the end user computers. However, when functionality of AV applications is moved to servers or central network nodes, the problem of insufficient protection of the end user computers becomes critical.
If a malware object is missed at the network gateway (for example, an unknown network worm), all network computers will get infected if each user computer does not have additional AV protection. Therefore, a security system needs to be balanced at all levels. For example, a security application can be installed on each user computer based on specific user parameters. This reduces the use of system resources.
U.S. Publication No. 2010/0138479A1 describes traffic minimization when loading application modules onto the clients. Each client can select required modules from the list (package definition file) for loading. In U.S. Publication No. 2010/0042991A1 the system allows for configuring a list of user applications based on user hardware settings (including hardware changes).
WO 2010/016833A1 discloses installation of applications as an array that depends on specific flags. The flags can be based upon hardware configuration or can be based on computer users. U.S. Publication No. 2003/0200149A1 is directed to creation of a list of required applications in terms of their compatibility with the initial hardware. In order to determine compatibility, application test data with various hardware configurations is used. Once the user selects the required hardware, he is automatically provided with a list of recommended applications.
Another solution is task delegation from the end user computers to a central server. However, the conventional art only deals with load optimization and does not solve the problem of risk level determination. For example, U.S. Pat. No. 6,920,632B2 provides an algorithm for cyclical task execution. The tasks are given priorities, and resources are allocated based on the priorities. The invention also solves the problem of resource allocation in cases of priority conflicts and when resources are insufficient.
U.S. Pat. No. 6,377,975B1 discloses task delegation to a least loaded server. All security servers are polled and a possibility of distributing the task among several servers is also determined. KR 2007/032441A deals with load balancing by selecting the least loaded server using fuzzy logic.
Accordingly, there is a need in the art for a system and method that delegate security tasks from the clients (i.e., end user stations) to a server, taking into account the importance and priority of the tasks. It is also desired to solve some of the security problems locally on the client. It is also desired to pre-select security tasks on the server for fast and efficient execution of these tasks. There is also a need in the art for a system for dynamic configuration of the security modules within a local network for optimization of the security tasks.
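The balance described above, keeping the most important modules on the endpoint when its hardware allows, delegating the rest to the least-loaded server by priority, and surfacing tasks that no node can afford rather than dropping them, can be illustrated with a small scheduling model. This is an added example for this page; it is not the claimed method of the patent, not the algorithm of any of the cited publications, and not code from any of the named AV products. The module names, priorities, resource costs and server capacities are constructed values, and the "least loaded" rule (most free CPU, memory as tie-breaker) is an assumption chosen for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class SecurityTask:
    """A unit of security work with an importance level and a resource cost.
    Priorities and costs are abstract, constructed values for this example."""
    name: str
    priority: int              # higher means more important
    cpu_cost: int              # abstract CPU units consumed while the task runs
    mem_cost: int              # abstract memory units (e.g. MB)
    local_only: bool = False   # must run on the endpoint (e.g. file AV, update module)


@dataclass
class Node:
    """An endpoint or a server with a remaining resource budget."""
    name: str
    cpu_free: int
    mem_free: int
    assigned: List[str] = field(default_factory=list)

    def can_run(self, task: SecurityTask) -> bool:
        return self.cpu_free >= task.cpu_cost and self.mem_free >= task.mem_cost

    def assign(self, task: SecurityTask) -> None:
        self.cpu_free -= task.cpu_cost
        self.mem_free -= task.mem_cost
        self.assigned.append(task.name)


def plan(client: Node, servers: List[Node], tasks: List[SecurityTask]) -> Dict[str, List[str]]:
    """Decide where each task runs (simplified model, not the patent's algorithm).

    1. Endpoint-only tasks are placed first, then the rest by descending priority,
       so under scarcity the most important tasks win the resource conflict.
    2. A task stays on the client if the client can still afford it.
    3. Otherwise it is delegated to the least-loaded server able to run it.
    4. If no node can run it, it is deferred rather than silently dropped;
       that list is what an administrator needs to see.
    """
    deferred: List[str] = []
    order = sorted(tasks, key=lambda t: (not t.local_only, -t.priority))
    for task in order:
        if client.can_run(task):
            client.assign(task)
            continue
        if task.local_only:
            deferred.append(task.name)   # cannot be moved off the endpoint
            continue
        candidates = [s for s in servers if s.can_run(task)]
        if not candidates:
            deferred.append(task.name)
            continue
        # "least loaded" = most free CPU, memory as tie-breaker (assumed rule)
        target = max(candidates, key=lambda s: (s.cpu_free, s.mem_free))
        target.assign(task)
    result: Dict[str, List[str]] = {client.name: client.assigned}
    for s in servers:
        result[s.name] = s.assigned
    result["deferred"] = deferred
    return result


def example_plan() -> Dict[str, List[str]]:
    """Constructed scenario: a low-resource endpoint and two gateway servers."""
    client = Node("workstation", cpu_free=30, mem_free=512)
    servers = [Node("gw1", cpu_free=50, mem_free=1024),
               Node("gw2", cpu_free=80, mem_free=2048)]
    tasks = [
        SecurityTask("file_av", priority=10, cpu_cost=10, mem_cost=64, local_only=True),
        SecurityTask("update", priority=9, cpu_cost=5, mem_cost=32, local_only=True),
        SecurityTask("mail_av", priority=7, cpu_cost=15, mem_cost=128),
        SecurityTask("anti_spam", priority=6, cpu_cost=20, mem_cost=256),
        SecurityTask("emulator", priority=5, cpu_cost=40, mem_cost=512),
        SecurityTask("full_scan", priority=3, cpu_cost=100, mem_cost=4096),
        SecurityTask("anti_banner", priority=2, cpu_cost=5, mem_cost=32),
    ]
    return plan(client, servers, tasks)


if __name__ == "__main__":
    for node, names in example_plan().items():
        print(f"{node:12s} {names}")
```

In the constructed scenario the workstation keeps its endpoint-only file AV and update module plus the mail AV, anti-spam and the emulator land on the server with the most headroom, the low-priority anti-banner module goes to the other gateway, and the full scan, which exceeds every node's remaining budget, is reported as deferred instead of being lost. The ordering by priority is what makes the resource conflict resolve in favour of the more important task; swapping the sort key for plain list order would let a cheap low-priority task consume the budget first.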